{"id":2005,"date":"2025-04-07T09:17:32","date_gmt":"2025-04-07T09:17:32","guid":{"rendered":"https:\/\/teknodc.net\/blog\/?p=2005"},"modified":"2025-05-16T11:50:20","modified_gmt":"2025-05-16T11:50:20","slug":"sunucuya-yetkisiz-erisim-nasil-onlenir","status":"publish","type":"post","link":"https:\/\/teknodc.net\/blog\/sunucuya-yetkisiz-erisim-nasil-onlenir\/","title":{"rendered":"Sunucuya Yetkisiz Eri\u015fim Nas\u0131l \u00d6nlenir?"},"content":{"rendered":"<h2 data-sourcepos=\"5:1-5:617\">Sunucuya Yetkisiz Eri\u015fim Nas\u0131l \u00d6nlenir?<\/h2>\n<p data-sourcepos=\"5:1-5:617\"><strong>Sunucu g\u00fcvenli\u011fi<\/strong>, dijital varl\u0131klar\u0131n korunmas\u0131 ve operasyonlar\u0131n s\u00fcreklili\u011fi i\u00e7in hayati bir zorunluluktur. \u00d6zellikle <strong>yetkisiz eri\u015fim \u00f6nleme<\/strong>, sunuculardaki hassas verilere ve kritik sistemlere yabanc\u0131lar\u0131n ula\u015fmas\u0131n\u0131 engellemek ad\u0131na al\u0131nmas\u0131 gereken en temel ve \u00f6nemli g\u00fcvenlik \u00f6nlemlerinin ba\u015f\u0131nda gelir. Ba\u015far\u0131l\u0131 bir <strong>yetkisiz eri\u015fim \u00f6nleme<\/strong> stratejisi, \u00e7ok katmanl\u0131 bir yakla\u015f\u0131mla \u00e7e\u015fitli g\u00fcvenlik y\u00f6ntemlerinin birlikte uygulanmas\u0131n\u0131 gerektirir. Bu yaz\u0131m\u0131zda, <a href=\"\/gpuvpsserver\">sunuculara<\/a> y\u00f6nelik <strong>yetkisiz eri\u015fim \u00f6nleme<\/strong> konusunda en etkili y\u00f6ntemleri ve dikkat edilmesi gerekenleri detayl\u0131 bir \u015fekilde ele alaca\u011f\u0131z.<\/p>\n<h3 data-sourcepos=\"7:1-7:56\"><strong>Root Eri\u015fimi ve Y\u00f6netimi: En Kritik G\u00fcvenlik Katman\u0131<\/strong><\/h3>\n<p data-sourcepos=\"9:1-9:509\"><a href=\"\/dedicated\">Sunucu<\/a> sistemlerinde en y\u00fcksek yetkilere sahip olan <strong>root eri\u015fimi<\/strong>, do\u011fru y\u00f6netilmedi\u011fi takdirde ciddi g\u00fcvenlik riskleri olu\u015fturabilir. <strong>Root eri\u015fimi<\/strong>nin k\u00f6t\u00fc niyetli ki\u015filerin eline ge\u00e7mesi, sistemlerin tamamen kontrol alt\u0131na al\u0131nmas\u0131, verilerin silinmesi veya \u00e7al\u0131nmas\u0131 gibi felaket senaryolar\u0131na yol a\u00e7abilir. Bu nedenle, <strong>root eri\u015fimi<\/strong>nin s\u0131n\u0131rland\u0131r\u0131lmas\u0131 ve sadece kesinlikle ihtiya\u00e7 duyan yetkili personel taraf\u0131ndan kullan\u0131lmas\u0131, <strong>yetkisiz eri\u015fim \u00f6nleme<\/strong> stratejisinin temelini olu\u015fturmal\u0131d\u0131r.<\/p>\n<p data-sourcepos=\"11:1-11:499\"><strong>Root eri\u015fimi<\/strong>ni y\u00f6netmek i\u00e7in al\u0131nabilecek \u00f6nlemler aras\u0131nda, varsay\u0131lan root parolas\u0131n\u0131n derhal de\u011fi\u015ftirilmesi ve karma\u015f\u0131k, g\u00fc\u00e7l\u00fc parolalar kullan\u0131lmas\u0131 yer al\u0131r. Ayr\u0131ca, m\u00fcmk\u00fcnse do\u011frudan root olarak oturum a\u00e7mak yerine, normal bir kullan\u0131c\u0131 hesab\u0131 \u00fczerinden yetki y\u00fckseltme mekanizmalar\u0131n\u0131n (sudo gibi) kullan\u0131lmas\u0131 tavsiye edilir. <strong>Root eri\u015fimi<\/strong> gerektiren i\u015flemlerin loglanmas\u0131 ve d\u00fczenli olarak denetlenmesi de olas\u0131 <strong>yetkisiz eri\u015fim<\/strong> giri\u015fimlerinin tespit edilmesine yard\u0131mc\u0131 olabilir.<\/p>\n<h3 data-sourcepos=\"13:1-13:53\"><strong>Port G\u00fcvenli\u011fi: A\u011f Eri\u015fimini Kontrol Alt\u0131na Almak<\/strong><\/h3>\n<p data-sourcepos=\"15:1-15:556\">Sunuculara a\u011f \u00fczerinden yap\u0131lan eri\u015fimleri kontrol alt\u0131nda tutmak i\u00e7in <strong>port g\u00fcvenli\u011fi<\/strong> b\u00fcy\u00fck \u00f6nem ta\u015f\u0131r.<a href=\"https:\/\/www.google.com\/search?q=sunucular+site%3Ateknodc.net&amp;oq=su&amp;gs_lcrp=EgZjaHJvbWUqCAgAEEUYJxg7MggIABBFGCcYOzIGCAEQRRg5MgYIAhAuGAMyBggDEEUYOzIGCAQQRRg8MgYIBRBFGDwyBggGEEUYPDIGCAcQRRg80gEIMTAzOGowajSoAgCwAgE&amp;sourceid=chrome&amp;ie=UTF-8\"> Sunucular,<\/a> \u00e7e\u015fitli servisler (web, e-posta, dosya payla\u015f\u0131m\u0131 vb.) \u00fczerinden ileti\u015fim kurmak i\u00e7in belirli portlar\u0131 kullan\u0131r. Gereksiz portlar\u0131n a\u00e7\u0131k b\u0131rak\u0131lmas\u0131, potansiyel sald\u0131r\u0131 noktalar\u0131 olu\u015fturur ve <strong>yetkisiz eri\u015fim<\/strong> riskini art\u0131r\u0131r. Bu nedenle, sadece ger\u00e7ekten ihtiya\u00e7 duyulan servislerin kulland\u0131\u011f\u0131 portlar\u0131n a\u00e7\u0131k olmas\u0131 ve di\u011fer t\u00fcm portlar\u0131n g\u00fcvenlik duvarlar\u0131 (firewall) arac\u0131l\u0131\u011f\u0131yla kapat\u0131lmas\u0131 <strong>port g\u00fcvenli\u011fi<\/strong>nin temelini olu\u015fturur.<\/p>\n<p data-sourcepos=\"17:1-17:389\"><strong>Port g\u00fcvenli\u011fi<\/strong>nin etkin bir \u015fekilde sa\u011flanmas\u0131 i\u00e7in, g\u00fcvenlik duvar\u0131 kurallar\u0131n\u0131n do\u011fru yap\u0131land\u0131r\u0131lmas\u0131 ve d\u00fczenli olarak g\u00fcncellenmesi gereklidir. Hangi IP adreslerinden hangi portlara eri\u015fimin izinli oldu\u011fu a\u00e7\u0131k\u00e7a tan\u0131mlanmal\u0131 ve gerekmeyen eri\u015fimler engellenmelidir. Ayr\u0131ca, port taramas\u0131 gibi sald\u0131r\u0131 giri\u015fimlerini tespit etmek ve engellemek i\u00e7in izleme sistemleri kullan\u0131labilir.<\/p>\n<h3 data-sourcepos=\"19:1-19:61\"><strong>SSH Anahtar Kullan\u0131m\u0131: Parolaya Alternatif G\u00fcvenli Eri\u015fim<\/strong><\/h3>\n<p data-sourcepos=\"21:1-21:537\"><a href=\"\/gpuserver\">Sunuculara<\/a> g\u00fcvenli uzaktan eri\u015fim i\u00e7in yayg\u0131n olarak kullan\u0131lan SSH (Secure Shell) protokol\u00fcnde, parola tabanl\u0131 kimlik do\u011frulaman\u0131n yan\u0131 s\u0131ra <strong>SSH anahtar kullan\u0131m\u0131<\/strong> da \u00f6nemli bir g\u00fcvenlik katman\u0131 sunar. <strong>SSH anahtar kullan\u0131m\u0131<\/strong>, genel (public) ve \u00f6zel (private) anahtarlardan olu\u015fan bir \u00e7iftin kullan\u0131lmas\u0131n\u0131 temel al\u0131r. Genel anahtar sunucuya yerle\u015ftirilirken, \u00f6zel anahtar kullan\u0131c\u0131da kal\u0131r. Eri\u015fim sa\u011flanmak istendi\u011finde, \u00f6zel anahtar ile sunucudaki genel anahtar e\u015fle\u015ftirilir ve parola gerekmeksizin g\u00fcvenli bir ba\u011flant\u0131 kurulur.<\/p>\n<p data-sourcepos=\"23:1-23:656\"><strong>SSH anahtar kullan\u0131m\u0131<\/strong>, parola tabanl\u0131 kimlik do\u011frulamaya g\u00f6re \u00e7e\u015fitli avantajlar sunar. \u00d6ncelikle, g\u00fc\u00e7l\u00fc anahtarlar\u0131n k\u0131r\u0131lmas\u0131 parolalara g\u00f6re \u00e7ok daha zordur. \u0130kinci olarak, otomatikle\u015ftirilmi\u015f sald\u0131r\u0131lara (brute-force) kar\u015f\u0131 daha diren\u00e7lidir. \u00dc\u00e7\u00fcnc\u00fc olarak, her kullan\u0131c\u0131 i\u00e7in benzersiz anahtar \u00e7iftleri olu\u015fturularak eri\u015fimlerin daha detayl\u0131 bir \u015fekilde kontrol edilmesi sa\u011flanabilir. <strong>SSH anahtar kullan\u0131m\u0131<\/strong>n\u0131n g\u00fcvenli\u011fini art\u0131rmak i\u00e7in \u00f6zel anahtarlar\u0131n g\u00fcvenli bir \u015fekilde saklanmas\u0131 ve yetkisiz eri\u015fime kar\u015f\u0131 korunmas\u0131 \u00f6nemlidir. Ayr\u0131ca, parola tabanl\u0131 kimlik do\u011frulama tamamen devre d\u0131\u015f\u0131 b\u0131rak\u0131larak g\u00fcvenli\u011fin daha da art\u0131r\u0131lmas\u0131 m\u00fcmk\u00fcnd\u00fcr.<\/p>\n<h3 data-sourcepos=\"25:1-25:36\"><strong>Di\u011fer Etkili G\u00fcvenlik Y\u00f6ntemleri<\/strong><\/h3>\n<p data-sourcepos=\"27:1-27:194\">Yukar\u0131da bahsedilen y\u00f6ntemlerin yan\u0131 s\u0131ra, <strong>sunucu g\u00fcvenli\u011fi<\/strong>ni art\u0131rmak ve <strong>yetkisiz eri\u015fim \u00f6nleme<\/strong> konusunda daha kapsaml\u0131 bir yakla\u015f\u0131m benimsemek i\u00e7in a\u015fa\u011f\u0131daki ek \u00f6nlemler de al\u0131nabilir:<\/p>\n<ul data-sourcepos=\"29:1-36:0\">\n<li data-sourcepos=\"29:1-29:219\"><strong>G\u00fc\u00e7l\u00fc ve Benzersiz Parolalar:<\/strong> T\u00fcm kullan\u0131c\u0131 hesaplar\u0131 i\u00e7in tahmin edilmesi zor, karma\u015f\u0131k ve benzersiz parolalar kullan\u0131lmal\u0131d\u0131r. Parola politikalar\u0131 olu\u015fturularak d\u00fczenli parola de\u011fi\u015fiklikleri zorunlu k\u0131l\u0131nabilir.<\/li>\n<li data-sourcepos=\"30:1-30:193\"><strong>\u00c7ok Fakt\u00f6rl\u00fc Kimlik Do\u011frulama (MFA):<\/strong> Kullan\u0131c\u0131lar\u0131n kimliklerini do\u011frulamak i\u00e7in parola d\u0131\u015f\u0131nda ikinci bir do\u011frulama y\u00f6ntemi (\u00f6rne\u011fin, SMS kodu, mobil uygulama bildirimi) kullan\u0131lmal\u0131d\u0131r.<\/li>\n<li data-sourcepos=\"31:1-31:147\"><strong>Eri\u015fim Kontrol Listeleri (ACL&#8217;ler):<\/strong> Dosya ve dizinlere eri\u015fim yetkileri, sadece ihtiya\u00e7 duyan kullan\u0131c\u0131lar ve gruplarla s\u0131n\u0131rland\u0131r\u0131lmal\u0131d\u0131r.<\/li>\n<li data-sourcepos=\"32:1-32:159\"><strong>D\u00fczenli G\u00fcvenlik Denetimleri ve Taralamalar:<\/strong> <a href=\"\/virtualprivateserver\">Sunucular<\/a> d\u00fczenli olarak g\u00fcvenlik a\u00e7\u0131klar\u0131 i\u00e7in taranmal\u0131 ve tespit edilen zafiyetler derhal giderilmelidir.<\/li>\n<li data-sourcepos=\"33:1-33:166\"><strong>G\u00fcncel Yaz\u0131l\u0131mlar:<\/strong> \u0130\u015fletim sistemi, uygulamalar ve di\u011fer sunucu yaz\u0131l\u0131mlar\u0131 d\u00fczenli olarak g\u00fcncellenerek bilinen g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n kapat\u0131lmas\u0131 sa\u011flanmal\u0131d\u0131r.<\/li>\n<li data-sourcepos=\"34:1-34:193\"><strong>Yetkisiz Eri\u015fim Giri\u015fimlerinin \u0130zlenmesi ve Loglanmas\u0131:<\/strong> <a href=\"\/gpuvpsserver\">Sunucu<\/a> \u00fczerindeki t\u00fcm eri\u015fim giri\u015fimleri detayl\u0131 bir \u015fekilde loglanmal\u0131 ve \u015f\u00fcpheli aktiviteler i\u00e7in d\u00fczenli olarak denetlenmelidir.<\/li>\n<li data-sourcepos=\"35:1-36:0\"><strong>En Az Yetki Prensibi:<\/strong> Kullan\u0131c\u0131lara sadece g\u00f6revlerini yerine getirmek i\u00e7in ihtiya\u00e7 duyduklar\u0131 minimum yetkiler verilmelidir.<\/li>\n<\/ul>\n<h2 data-sourcepos=\"37:1-37:26\"><strong>S\u0131k\u00e7a Sorulan Sorular(SSS)<\/strong><\/h2>\n<ul data-sourcepos=\"39:1-52:300\">\n<li data-sourcepos=\"39:1-41:0\">\n<h3 data-sourcepos=\"39:5-39:70\"><strong>Sunucuma yetkisiz eri\u015fimi engellemek i\u00e7in en temel ad\u0131m nedir?<\/strong><\/h3>\n<\/li>\n<\/ul>\n<p>G\u00fc\u00e7l\u00fc ve benzersiz parolalar kullanmak ve varsay\u0131lan parolalar\u0131 derhal de\u011fi\u015ftirmek en temel ve kritik ad\u0131md\u0131r.<\/p>\n<p>&nbsp;<\/p>\n<ul data-sourcepos=\"39:1-52:300\">\n<li data-sourcepos=\"42:1-44:0\">\n<h3 data-sourcepos=\"42:5-42:73\"><strong>Root eri\u015fimini tamamen kapatmak m\u00fcmk\u00fcn m\u00fcd\u00fcr ve bu g\u00fcvenli midir?<\/strong><\/h3>\n<\/li>\n<\/ul>\n<p>Root eri\u015fimini tamamen kapatmak baz\u0131 durumlarda m\u00fcmk\u00fcn olsa da, genellikle sistem y\u00f6netimi i\u00e7in belirli durumlarda (ilk kurulum, acil durum m\u00fcdahalesi vb.) gereklidir. \u00d6nemli olan, root eri\u015fimini s\u0131n\u0131rland\u0131rmak, denetlemek ve sadece gerekti\u011finde kullanmakt\u0131r.<\/p>\n<p>&nbsp;<\/p>\n<ul data-sourcepos=\"39:1-52:300\">\n<li data-sourcepos=\"45:1-47:0\">\n<h3 data-sourcepos=\"45:5-45:80\"><strong>Neden SSH anahtar kullan\u0131m\u0131 parola tabanl\u0131 eri\u015fime g\u00f6re daha g\u00fcvenlidir?<\/strong><\/h3>\n<\/li>\n<\/ul>\n<p>SSH anahtarlar\u0131, parolalara g\u00f6re \u00e7ok daha karma\u015f\u0131k ve k\u0131r\u0131lmas\u0131 zordur. Ayr\u0131ca, otomatikle\u015ftirilmi\u015f parola deneme sald\u0131r\u0131lar\u0131na kar\u015f\u0131 daha diren\u00e7lidir ve her kullan\u0131c\u0131 i\u00e7in benzersiz anahtar \u00e7iftleri olu\u015fturulabilir.<\/p>\n<p>&nbsp;<\/p>\n<ul data-sourcepos=\"39:1-52:300\">\n<li data-sourcepos=\"48:1-50:0\">\n<h3 data-sourcepos=\"48:5-48:70\"><strong>Port g\u00fcvenli\u011fi neden \u00f6nemlidir ve hangi portlar\u0131 kapatmal\u0131y\u0131m?<\/strong><\/h3>\n<\/li>\n<\/ul>\n<p>Port g\u00fcvenli\u011fi, sunuculara a\u011f \u00fczerinden yap\u0131lan yetkisiz eri\u015fimleri engellemek i\u00e7in \u00f6nemlidir. Sadece ger\u00e7ekten ihtiya\u00e7 duyulan servislerin kulland\u0131\u011f\u0131 portlar a\u00e7\u0131k b\u0131rak\u0131lmal\u0131 ve di\u011fer t\u00fcm gereksiz portlar g\u00fcvenlik duvar\u0131 arac\u0131l\u0131\u011f\u0131yla kapat\u0131lmal\u0131d\u0131r.<\/p>\n<p>&nbsp;<\/p>\n<ul data-sourcepos=\"39:1-52:300\">\n<li data-sourcepos=\"51:1-52:300\">\n<h3 data-sourcepos=\"51:5-51:71\"><strong>Tek ba\u015f\u0131na g\u00fc\u00e7l\u00fc parolalar sunucu g\u00fcvenli\u011fi i\u00e7in yeterli midir?<\/strong><\/h3>\n<\/li>\n<\/ul>\n<p>Hay\u0131r, tek ba\u015f\u0131na g\u00fc\u00e7l\u00fc parolalar yeterli de\u011fildir. <strong>Yetkisiz eri\u015fim \u00f6nleme<\/strong> \u00e7ok katmanl\u0131 bir yakla\u015f\u0131mla \u00e7e\u015fitli g\u00fcvenlik y\u00f6ntemlerinin (g\u00fc\u00e7l\u00fc parolalar, \u00e7ok fakt\u00f6rl\u00fc kimlik do\u011frulama, port g\u00fcvenli\u011fi, <strong>SSH anahtar kullan\u0131m\u0131<\/strong>, eri\u015fim kontrol listeleri vb.) birlikte uygulanmas\u0131n\u0131 gerektirir.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sunucuya Yetkisiz Eri\u015fim Nas\u0131l \u00d6nlenir? Sunucu g\u00fcvenli\u011fi, dijital varl\u0131klar\u0131n korunmas\u0131 ve operasyonlar\u0131n s\u00fcreklili\u011fi i\u00e7in hayati bir&hellip;<\/p>\n","protected":false},"author":1,"featured_media":2006,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_lmt_disableupdate":"no","_lmt_disable":"","footnotes":""},"categories":[27],"tags":[],"class_list":["post-2005","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guvenlik"],"_links":{"self":[{"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/posts\/2005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/comments?post=2005"}],"version-history":[{"count":3,"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/posts\/2005\/revisions"}],"predecessor-version":[{"id":2166,"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/posts\/2005\/revisions\/2166"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/media\/2006"}],"wp:attachment":[{"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/media?parent=2005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/categories?post=2005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknodc.net\/blog\/wp-json\/wp\/v2\/tags?post=2005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}